Microsoft Azure Trust Centre

Request a Call Back

To empower its customers to get the most out of Azure, Microsoft understands that they must enable their customers to trust them with one of their most valuable assets – their data.

Microsoft makes the security and privacy of your data a priority at every step. It also provides transparency so you can control your data and conforms to global compliance standards.

Azure Security – Keeping Your Data Safe

When it comes to implementing security technologies and practices, Microsoft has years of experience in building enterprise software and running some of the world’s largest online services. This has enabled them to build an Azure infrastructure which is resilient to attack, safeguards users accessing the Azure environment and protects the security of customer data through encrypted communications, threat management and mitigation practices including penetration testing.

Manage and control identity and user access:

By federating user identities to Azure Active Directory and enabling multi-factor authentication for a more secure sign-in, access to your environments, data and applications is safeguarded.

Encryption of communications and operation processes:

To protect your data in transit, Azure uses industry-standard transport protocols between user devices and Microsoft data centres, and also within data centres themselves. For the protection of data at rest, Azure gives you the flexibility to choose the solution that best meets your needs, offering a wide range of encryption capabilities up to AES-256.

Securing networks:

With Azure, you get the infrastructure necessary to connect virtual machines to one another securely and to connect on-premise data centres with Azure VMs. Azure blocks unauthorised traffic to and within Microsoft data centres. Azure Virtual Network extends your on-premise networks to the cloud through site-to-site VPN.

Azure Privacy – Own and Control Your Data

Microsoft is an advocate for organisations retaining ownership and control over the collection, use and distribution of their information. For over 20 years, Microsoft has stood by this principle and has been committed to creating secure online solutions that will protect their customers’ privacy and data.

Microsoft’s privacy practices are transparent, offering meaningful privacy choices for customers alongside responsible management of the data they store and process. A benchmark of their commitment to data privacy is their adoption of the world’s first code of practice for cloud privacy, ISO/IEC 27018.

Own your own data:

As an Azure customer, you retain ownership of all your customer data that is provided to Microsoft by you or on your behalf, through Azure. This includes text, sound, video or image files and software. You will not need assistance from Microsoft to access your data. You can do this at any time. As part of your ownership, Microsoft does not use customer data for advertising or data mining.

Control your data:

As the customer data you host on Azure belongs to you, it is you that controls where it is stored and how it is securely accessed and deleted.

Microsoft’s response to government and law enforcement requests to access data:

In order to access customer data from Microsoft, for example for national security purposes, a government must follow the correct legal process which includes serving Microsoft with a court order for content or a subpoena for account information.

Unless legally prohibited from doing so, Microsoft will notify its customers if they are legally compelled to disclose their data and provide a copy of the demand.

Microsoft does not provide any government with direct or unfettered access to customer data, except as directed by the customer or where required by law.

Azure Compliance – Conforming to Global Standards

Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including UK G-Cloud.

Adherence to these strict security controls are rigorously audited by organisations such as the British Standards Institute.

Microsoft’s implementation of the security controls can be verified by requesting audit results from the certifying third parties, demonstrating their commitment to transparency.

Customers benefit from Microsoft’s approach to meeting and demonstrating compliance as in turn it makes it easier for them to achieve compliance for the infrastructure and applications they run in Azure.